Technology Tips And Tricks – 9 Best Practices for Code Review

Hello Readers, CoolMonkTechie heartily welcomes you to the Technology Best Tips and Tricks series.

In this article in the series, we will discuss the nine best practices for code review. Code reviews are important. They improve code quality. They make your codebase more stable. And they help programmers build relationships and work together more effectively.

But reviewing a peer’s code is easier said than done. And running a review process can be a nightmare for team leads. For that reason, we explain what to look for in a code review, the code review process, and the nine best practices for code review.

A famous quote about programming is:

Experience is the name everyone gives to their mistakes.

Here are the nine best practices for code review: 

  1. Know What to Look for in a Code Review
  2. Build and Test — Before Review
  3. Don’t Review Code for Longer Than 60 Minutes
  4. Check No More Than 400 Lines at a Time
  5. Give Feedback That Helps (Not Hurts)
  6. Communicate Goals and Expectations
  7. Include Everyone in the Code Review Process
  8. Foster a Positive Culture
  9. Automate to Save Time


1. Know What to Look for in a Code Review

It’s important to go into reviews knowing what to look for. Look for key things, such as…

  • Structure
  • Style
  • Logic
  • Performance
  • Test coverage
  • Design
  • Readability (and maintainability)
  • Functionality

We can do automated checks (e.g., static analysis) for some of the things — e.g., structure and logic. But others — e.g., design and functionality — require a human reviewer to evaluate.

Reviewing code with certain questions in mind can help us focus on the right things. For instance, we might evaluate code to answer:

  • Do we understand what the code does?
  • Does the code function as we expect it to?
  • Does this code fulfill regulatory requirements?

“By evaluating code critically — with questions in mind — we’ll make sure we check for the right things. And we’ll reduce time when it comes to testing.”


2. Build and Test — Before Code Review

In today’s era of Continuous Integration (CI), it’s key to build and test before doing a manual review. Ideally, after tests have passed, we’ll conduct a review and deploy it to the dev code line.

This ensures stability. And doing automated checks first will cut down on errors and save time in the review process.

“Automation keeps you from wasting time in reviews.”


3. Don’t Review Code For Longer Than 60 Minutes

Never review for longer than 60 minutes at a time. Performance and attention-to-detail tend to drop off after that point. It’s best to conduct reviews often (and in short sessions).

Taking a break will give our brain a chance to reset. So, we can review it again with fresh eyes.

“Giving ourselves time to do short, frequent reviews will help us improve the quality of the codebase.”


4. Check No More Than 400 Lines at a Time

If we try to review too many lines of code at once, we’re less likely to find defects. Try to keep each review session to 400 lines or less. Setting a line-of-code (LOC) limit is important for the same reasons as setting a time limit. It ensures we are at our best when reviewing the code.

Focusing on fewer than 400 lines makes our reviews more effective. And it helps us ensure higher quality in the codebase.


5. Give Feedback That Helps (Not Hurts)

Try to be constructive in our feedback, rather than critical. We can do this by asking questions, rather than making statements. And remember to give praise alongside our constructive feedback.

Giving feedback in person (or even doing our review in person) will help us communicate with the right tone.

Our code will always need to be reviewed. And we’ll always need to review our coworkers’ code. When we approach reviews as a learning process, everyone wins.


6. Communicate Goals and Expectations

We should be clear on what the goals of the review are, as well as the expectations of reviewers. Giving our reviewers a checklist will ensure that the reviews are consistent. Programmers will evaluate each other’s code with the same criteria in mind.

“By communicating goals and expectations, everyone saves time. Reviewers will know what to look for — and they’ll be able to use their time wisely in the review process.”


7. Include Everyone in the Code Review Process

No matter how senior the programmer is, everyone needs to review and be reviewed. After all, everyone performs better when they know someone else will be looking at their work.

When we’re running reviews, it’s best to include both another engineer and the software architect. They’ll spot different issues in the code, in relation to both the broader codebase and the overall design of the product.

“Including everyone in the review process improves collaboration and relationships between programmers.”


8. Foster a Positive Culture

Fostering a positive culture around reviews is important, as they play a vital role in product quality. It doesn’t matter who introduced the error. What matters is the bug was caught before it went into the product. And that should be celebrated.

“By fostering a positive culture, you’ll help your team appreciate (rather than dread) reviews.”


9. Automate to Save Time

There are some things that reviewers will need to check in manual reviews. But there are some things that can be checked automatically using the right tools.

Static code analyzers, for instance, find potential issues in code by checking it against coding rules. Running static analyzers over the code minimizes the number of issues that reach the peer review phase. Using tools for lightweight reviews can help, too.

“By using automated tools, you can save time in the peer review process. This frees up reviewers to focus on the issues that tools can’t find — like usability.”

That’s all for this article.


Conclusion

In this article, we covered the nine best practices for code review.

Thanks for reading! I hope you enjoyed it and learned about the nine best practices for code review. Reading is one thing, but the only way to master it is to do it yourself.


Technology Tips And Tricks – Best Security Checklist for Mobile Development

Hello Readers, CoolMonkTechie heartily welcomes you to the Technology Best Tips and Tricks series.

In this article in the series, we will discuss a security checklist for mobile applications that helps every developer build secure mobile applications. Almost every business has a mobile app through which it offers various features and facilities to its customers. The app stores, displays and transmits sensitive data. A business app that does not use proper security protections can put corporate resources and personal information at risk, which can lead to fines.

A famous quote about science is:

“Prevention is better than cure.”


So let’s begin.

Overview

Security is always a concern when creating an application, but it’s often overlooked during development. And what’s overlooked in the beginning becomes a dormant vulnerability that may threaten your business later on, and you might not be able to catch it before something happens.

With ever-advancing mobile technology, mobile application security has become a vital topic that every major enterprise must consider and understand.

Sensitive information stored on a device could be lost or stolen, which can lead to a data breach, compliance violations, and expensive and/or embarrassing public disclosures.

Large organizations acknowledge mobile device threats and vulnerabilities and perceive that they have correct security protection.

Corporations nowadays leverage mobile applications to distribute relevant, critical data to their workforce, partners, or customers. The productivity that mobile devices bring comes at a price: security risk increases.

Mobile applications create yet another path into enterprise networks, allowing criminals, fraudsters, and hackers to propagate malicious code.

For that reason, it’s often best to account for security from the very start, and it’s definitely not a waste of time.


Mobile App Security Standards/Checklist:

There are a few practices that you could follow when creating an application that will help you create more secure applications on the go. Here’s the list that you could follow:


1. Securing the source code

Creating an impactful app and following every guideline to make it secure while leaving the source code open to anyone can result in security risks.

Much of an app’s code, such as the UI and business logic, is often on the client side. If this sensitive information gets into the wrong hands, such as hackers, it could damage your business.

There is a process known as obfuscation, in which the source code is changed so that it confuses anyone who tries to read or modify it.

It renames classes and attributes to meaningless characters or names. The whole aim is to make the code so confusing that nobody can understand it.


2. Securing the files and the database

It’s not enough to secure the code base; you also need to secure the data. You need to store data on the device for all sorts of reasons, and this data can include critical information such as user credentials or payment info. For that reason, you should always make sure that the data you’re storing on the user’s end is encrypted to prevent its leakage.


3. Securing Communications

Network security in mobile development is not as trivial as it is for web development, and many companies and developers do not include network security in their development process. It’s not enough to secure the data only at the points where it is generated and stored.

Your application’s data should also be secured in transit. That means sending and receiving data inside your application should happen over secure mediums: a VPN tunnel, SSL, TLS or HTTPS communication. This way, if anyone manages to eavesdrop on your network requests, they won’t be able to decipher the data. Otherwise, attacks such as packet sniffing and man-in-the-middle would be a serious threat to your application.
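An added example, not part of the original article: on Android, one concrete way to check the HTTPS requirement above during review is to confirm that the app manifest and the network security config do not permit cleartext traffic. The manifest and config snippets are constructed samples, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Constructed sample files (not taken from any real app).
MANIFEST = '''<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <application android:usesCleartextTraffic="true"
               android:networkSecurityConfig="@xml/network_security_config"/>
</manifest>'''

CONFIG = '''<network-security-config>
  <base-config cleartextTrafficPermitted="false"/>
  <domain-config cleartextTrafficPermitted="true">
    <domain includeSubdomains="true">legacy.example.com</domain>
  </domain-config>
</network-security-config>'''


def manifest_allows_cleartext(manifest_xml):
    """True if <application> explicitly opts in to plain HTTP."""
    app = ET.fromstring(manifest_xml).find("application")
    return app is not None and app.get(ANDROID_NS + "usesCleartextTraffic") == "true"


def config_cleartext_scopes(config_xml):
    """List the scopes of a network security config that permit cleartext."""
    root = ET.fromstring(config_xml)
    scopes = []
    base = root.find("base-config")
    if base is not None and base.get("cleartextTrafficPermitted") == "true":
        scopes.append("base-config")
    # iter() also reaches domain-config elements nested inside others.
    for dc in root.iter("domain-config"):
        if dc.get("cleartextTrafficPermitted") == "true":
            scopes.extend((d.text or "").strip() for d in dc.findall("domain"))
    return scopes


if __name__ == "__main__":
    if manifest_allows_cleartext(MANIFEST):
        print("manifest: usesCleartextTraffic is enabled")
    for scope in config_cleartext_scopes(CONFIG):
        print(f"config: cleartext permitted for {scope}")
```

A finding here means some traffic can still leave the device unencrypted, so each listed scope should be justified or removed before release.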


4. Consider Data Portability

Data portability is the practice of using user data across different platforms and services, like using your Facebook account to sign in to other platforms such as StackOverflow or GitHub. This allows you to leverage the security of the bigger companies on your side, instead of implementing all of the user authentication and private data handling from scratch. It also makes things easier for the user, as more people would rather use their old accounts than create new ones.

A popular protocol for that is OAuth. The simple flow of OAuth allows you to access the protected resources (a.k.a. user data) on the other end by just storing the access token, which saves you the hassle of collecting and protecting that data.


5. Brace for Reverse Engineering

This might be more specific to Android applications, since Android is an open source platform, which means anyone can look up the source code and modify the OS any way they want. For this reason, you’ll need an understanding of the Java-based Android environment as well as of the Linux OS kernel to understand the process and how you can protect your application against reverse engineering.


6. Perform Input Validation

Input validation is one of the most important practices when taking a user’s input, yet it’s often disregarded in the development process for the sake of “speed”. Input validation allows you to check the data supplied by the user to prevent malformed data. Input validation is very common in most frameworks, for both web and mobile development, and you should make use of it.


7. Use Cryptography wisely

Encrypting your data or hashing the passwords doesn’t necessarily mean that your application is secure. In fact, broken cryptography is the most common threat to mobile applications. You should avoid weak or broken algorithms and make sure that your program doesn’t use them. These algorithms include MD5, MD4, SHA1, BLOWFISH, RC2, and RC4. Cryptography is a strong element of security in a mobile application, and hence, if used correctly, it can protect your application and data.
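An added example, not part of the original article: a small Python check that flags the weak algorithms listed above where Java or Kotlin code requests them through the `getInstance` APIs. The sample source is constructed, the function names are hypothetical, and the `ARCFOUR` alias (the JCA name for RC4) is an addition to the article's list.

```python
import re

# Algorithms the checklist names as weak or broken.
WEAK = {"MD5", "MD4", "SHA1", "BLOWFISH", "RC2", "RC4"}
# Assumption added here: the JCA spells RC4 as "ARCFOUR".
ALIASES = {"ARCFOUR": "RC4"}

# Matches e.g. MessageDigest.getInstance("SHA-1") or Cipher.getInstance("RC4")
CALL = re.compile(r'\b(MessageDigest|Cipher|KeyGenerator)\.getInstance\(\s*"([^"]+)"')

# Constructed sample source (not from any real app).
SAMPLE = '''\
import java.security.MessageDigest;
import javax.crypto.Cipher;

class TokenStore {
    byte[] fingerprint(byte[] data) throws Exception {
        // old: MessageDigest.getInstance("MD5")
        return MessageDigest.getInstance("SHA-1").digest(data);
    }
    Cipher legacy() throws Exception {
        return Cipher.getInstance("Blowfish/CBC/PKCS5Padding");
    }
    Cipher stream() throws Exception {
        return Cipher.getInstance("ARCFOUR");
    }
    Cipher current() throws Exception {
        return Cipher.getInstance("AES/GCM/NoPadding");
    }
}
'''

def normalize(name):
    """Reduce 'Blowfish/CBC/PKCS5Padding' or 'SHA-1' to a bare algorithm name."""
    base = name.split("/")[0].strip().upper().replace("-", "")
    return ALIASES.get(base, base)

def scan(source):
    """Return (line number, API, literal, algorithm) for each weak request."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        if line.lstrip().startswith(("//", "*")):
            continue  # skip comment-only lines; trailing comments are still scanned
        for m in CALL.finditer(line):
            algo = normalize(m.group(2))
            if algo in WEAK:
                findings.append((lineno, m.group(1), m.group(2), algo))
    return findings

if __name__ == "__main__":
    for lineno, api, literal, algo in scan(SAMPLE):
        print(f"line {lineno}: {api} requests {literal!r} (weak: {algo})")
```

Run as a pre-review check, this reports the weak algorithm requests in the sample and leaves the AES/GCM call alone.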


8. Implement strong authentication and authorization systems

One of the most important steps towards application security is to use strong authentication and authorization systems that consider salient features like privacy, session management, identity management, and device security.


9. Understand the platform and frameworks

Most of the mobile apps developed nowadays run either on Google Android or Apple iOS. Fewer run on Windows devices and BlackBerry devices. Organizations try to create apps that run on multiple operating systems. These apps are known as hybrid apps. There are various companies that provide hybrid app development services.

Mobile developers need to understand how security works on each targeted OS and the various risks that can come in these apps. Preparation against security threats can reduce them to a large extent.

Security has always been an issue in the IT industry. And at present, hackers are using newer methods to hack various applications. Hence, it is a must to stay updated with all the possible security checklists.


10. Perform Penetration Testing

Penetration testing is one of the most important stages of securing an application, as it can scan for a wide range of vulnerabilities. It simulates what an attacker can do in various environments and modes of operation. A lot of people confuse regular software testing with penetration testing, but they are really different and serve different purposes, and you need to do both.

That’s all for this article.


Conclusion

In this article, we covered the security checklist for mobile app development.

Security is everyone’s concern. It’s true that most users don’t pay attention to the permissions they give the applications they’re using, and they can’t possibly tell if an application is secure or not. But should a leak happen, it is going to be your responsibility as a developer.

There are various ways that you can consider in order to make your mobile app secure:

  • Make your source code secure using obfuscation. It is a method in which the source code is changed into a form that is quite confusing. Hence, if your code falls into the wrong hands, they will not be able to misuse it.
  • Use cryptography in a smart way. Don’t use weak algorithms with this technique. Cryptography, when used properly, can provide high-level security to mobile apps.
  • Protect app data on the device. Do not store sensitive data on your mobile app. If necessary, encrypt it with the latest encryption technologies.
  • Perform penetration testing. It is different from normal testing and is quite effective in making a mobile app secure.
  • Utilize data portability. Using data portability, you can use the security offered by big companies like Facebook and Google.
  • Make communication secure. Use VPN, SSL, and HTTPS so that data is transmitted through a secure medium.
  • Understand the platforms and frameworks. If you create hybrid apps, you need to understand how security works on every targeted operating system.

Thanks for reading! I hope you enjoyed it and learned about the Mobile Application Security Checklist. Reading is one thing, but the only way to master it is to do it yourself.
